The National Institute of Standards and Technology (NIST) has issued an updated version of the standard specification Personal Identification Verification (PIV) Card that federal employees and contractors use to enter government facilities or log on to federal computer systems.

"Offering a strong credential provides better identity assurance as to who you are," explains Hildegard Ferraiolo, a NIST computer scientist who co-authored the document. "The standard can be updated every five years, if needed, and agencies wanted to incorporate their years of experience in a fresher revision."

The original FIPS 201 document from 2005 required all PIV cards to contain an integrated circuit chip for storing electronic credentials and protected biometric data—fingerprint specifics and, optionally, a photograph.

The FIPS 201-2 revision includes adaptions to changes in the environment since the original FIPS 201. It does not require existing cards to be replaced. Close to 5 million cards have been issued to date.

New FIPS 201-2 capabilities include:

derived PIV credential option for use in mobile devices such as mobile phones and tablets for improved security;

The specification of the optional iris biometric is based on the ISO/IEC 19794-6 iris biometric standard published in 2011. These specifications can serve other iris-based authentication uses cases beyond the PIV program. The on-card fingerprint comparison may be used as an alternate to the Personal Identification Number in use currently. More information on these options can be found in the recently published, Biometric Data Specifications for Personal Identity Verification (NIST Special Publication 800-76-2). This publication is one of several that provide guidance to support FIPS 201.